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DETAILED ACTION 

Response to Amendments 

1. Applicant's amendments/arguments with respect to pending claims 1 - 38, amended 
claims 7, 13, 23 and 37 and new claims 39 - 43 filed 01/09/06 have been considered (MPEP 
714.04; 37 CFR 1.111) but they are not. persuasive. Amendments to the claims and 
specification have been accepted. 

Response to Arguments 

2. . Applicant's arguments with respect to claims 1 - 38 have been considered but are not 
persuasive. With regard to Applicant's argument in relation to claims 1, 16, 25 and 37 that 
Shimitzu et al. and Godoroja et al. does not teach a timer "reset to run for a specified time" and 
"providing access to secure data only when a timer is running", Examiner respectfully disagrees. 
Shimitzu et al. and Godoroja et al. teaches a clock mechanism that is set to operate in a 
"predetermined window of acceptable time" which the Examiner believes is equivalent to a 
"specified time". In both instances an allotment of time is identified (see column 2, line 20, 
column 3, line 20 - 21 , column 5, lines 9-10). Also, Shimitzu et al. and Godoroja et al. teaches 
that a message is only accessible when the element of time is present; the messages cannot be 
retrieved if the proper time reference is not intact. A time reference has two conditions — valid 
when a message is received within a predetermined time window and -invalid when a message 
is received outside of that time frame, therefore message content is secure until the time 
reference is verified which is equivalent to the timer of Applicant's invention (see column 5, lines 
58 - 60). For the same rationale as claims 1, 16, 25 and 37, Examiner respectfully maintains 
rejections of claims 2 - 5, 36 and 38. 

For claims 6, 7, 10, 17 and 25, Examiner respectfully disagrees with Applicant's 
arguments that Shimitzu et al. and Godoroja et al. does not teach a time remaining and that the 
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timer is always running. Examiner believes that a predetermined amount of time is set therefore 
if the packet is not deemed as invalid for not arriving in the predetermined time then it is valid as 
being received before/within predetermined time has expired which is equivalent to a time 
remaining. A predetermined window of acceptable time will inherently expire and thus is not 
always running (see column 2, line 20, column 3, line 20-21, column 5, lines 9-10). For the 
same rationale as claims 6, 7, 10, 17 and 25, Examiner respectfully maintains rejections of 
claims 8-9 and 11-12. Additionally the rejections for claims 18-21 are also upheld for the 
same reason as claim 17. 

For claims 13 and 14 respectively, Examiner respectfully disagrees with Applicant's 
argument that Shimitzu et al. and Godoroja et al. does not teach a "timer to be set within said 
portable computing system in response to receiving a determination that said present password 
matches said stored password" and "timer to be set within said portable computing system in 
response to receiving said approval code". Based on the verification of the password (verifying 
the matching of the present one with the stored one), the time reference is initialized. The 
password is also interpreted to be the approval code needed to be initialized the time reference 
(see column 2, lines 24 - 2; 5; column 3, lines 7-10 and column 6, lines 15-18). For the same 
rationale as claim 14, Examiner respectfully maintains rejections of claim 15. 

For claim 29, Examiner respectfully disagrees with Applicant's argument that Shimitzu et 
al. and Godoroja et al. does not teach setting a timer to run until a specified time has expired. 
As in Godoroja et al. a "predetermined window of acceptable time" will inherently expire (see 
column 2, line 20, column 3, line 20 - 21 , column 5, lines 9-10). For the same rationale as 
claim 29, the Examiner respectfully maintains rejections of claims 30 - 34. 

Claim Rejections - 35 USC § 103 
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The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claim 1-38 and new claims 39 - 42 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Shimizu et a/, in US Patent 6,085,323 (hereinafter '323), and further in view 

of Godoroja et al. in US Patent 6,032,258 (hereinafter '258). 

As it relates to claim 1 , Shimizu et al. in US '323 teaches: 

A method for providing access to secure data through a portable computing system during a 

specified time, wherein said method comprises: 

establishing a connection (see US '323: column 2, line 47: where a signal 
exchange is possible between apparatuses) between said portable computing system 
(see column 2, line 44: first information processing apparatus) and a base computing 
system (see column 2, line 45; second information processing apparatus) to provide for 
transfer of data between said portable computing system and said base computing 
system; . 

but does not teach 

verifying identity of said base computing system within said portable computing 
system; 

resetting a timer within said portable computing system to run for a specified 
time; and 

providing access to said secure data only when said timer is running. 
Godoroja et al. in US '258 however, does teach 
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verifying identity of said base computing system within said portable computing 
system (see US '258: column 3, lines 15-21: where it is inherent that a nodes 
(instance case: PCS and BCS) each have a clock mechanism with correlating time 
which is an indicator of a valid identity)] 

resetting a timer within said portable computing system to run for a specified time 
(see column 3, lines 15-16: where each node maintains a time reference) ; and 

providing access to said secure data only when said timer is running (see column 
6, lines 15-16: where all data transmissions have time reference, if not it is considered 
invalid). 

For claim 1 , it would be obvious to one of ordinary skill in the art at the time of the 
invention to modify the methods of Godoroja et al. and Shimizu et al. as they both use features 
of a portable and base computing systems and timer functionalities within the same field of 
endeavor (connecting to and accessing secure data during specified time) and with the same 
problem sought to be solved (verifying that the rightful users are in possession of computer 
systems before features are enabled within a time measure). 

For claim 2, Shimizu et al in US '323 teaches 

receiving and storing a public cryptographic key from said base computing system 
during an initialization process, 

following said initialization process, generating a random number within said 
portable computing system; 

transmitting said random number to said base computing system; receiving a 
number transmitted from said base computing system; decrypting said number 
transmitted from said base computing system to form a decrypted number; and 
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determining that said decrypted number matches said random number (see 
column 2, lines 49 - 65). 
For claim 3, Shimizu et ai in US '323 teaches 
whether a password is entered correctly in said portable computing 
as taught by system (see column 13, line 44: authentication of a password). 
For claim 4, Godoroja et ai teaches 

transmitting an initial password to said base computing system during an initialization 
process, 

storing said initial password within said base computing system; 
following said initialization process, transmitting a present password to said base 
computing system; 

determining in said base computing system that said initial password matches said 
present password; 

transmitting an approval code from said base computing system to said portable 
computing system; and 

determining that said approval code has been received (US '258: see column 6, lines 59 
- 60: where verification is determined because only the source and destination nodes know the 
password). 

For claim 5, Shimizu et ai in US '323 teaches 

wherein said connection is established through a switched telephone network (US '323: 
see column 15, line 13: wherein a network can encompass applicant's network). 
For claim 6, Godoroja et ai in US '258 teaches 
wherein 
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said timer includes a timer register storing a number corresponding to a time remaining 
(US '258; see column 3, lines 5 -6: clock mechanism), 

said number corresponding to a time remaining is decremented in response to a series 
of timing pulses generated within said portable computing system, and 

setting said timer includes storing a number corresponding to said specified time in said 
timer register (US '258: column 4, lines 61 - 65). 

As it relates to claim 7, Shimizu et al. in US '323 teaches: 
A method providing for access to secure data through a portable computing system, wherein 
said access to said secure data is limited to a specified time, and wherein said method 
comprises: 

initializing a base computing system and said portable computing system to work 
together as a system by an initialization process comprising: 

storing data identifying said base computing system within said portable computing 
system (US '323: see column 2; line 67 and column 3, lines 1 -2); and 

resetting said portable computing system by a reset process following said initialization 
process including: 

establishing a connection to transmit data between said portable computing 
system and a base computing system (column 3, lines 3-4)] 

determining, using said data identifying said base computing system, that said 
connection has been made between said portable computing system and said base 
computing system (column 3, line 7, correlation storage means)] 
but does not teach 

setting a timer within said portable computing system to run until said specified 
time has expired; 
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determining if said timer is running; and providing access to said secure data 

only when said timer is running. 
Godoroja et ai in US '258 however does teach 

setting a timer within said portable computing system to run until said specified 

time has expired (US '258: see column 3, lines 23 - 24: clock synchronization)] 

determining if said timer is running; and providing access to said secure data 

only when said timer is running (see column. 5, lines 58 - 65). 

For claim 7, it would be obvious to one of ordinary skill in the art at the time of t the 
invention to modify the methods of Shimizu et ai and Godoroja et ai. as they both use features 
of a portable and base computing systems, and timer functionalities within the same field of 
endeavor (connecting to and accessing secure data during specified time) and with the same 
problem sought to be solved (verifying that the rightful users are in possession of computer 
systems before features are enabled within a time measure). 

For claim 8, Godoroja et ai in US '258 teaches 
wherein 

said initialization process additionally includes determining whether said data identifying 
a base computing system has been previously stored in said portable computing system; 

if said data identifying a base computing system is determined to have been previously 
stored, said data identifying a base computing system remains without being overwritten during 
said initialization process (US 258: see column 2, lines 18- 23: where instance deemed "old" by 
time reference then packet is discarded whereby it is inherent that a previously stored instance 
is retained without modification/replacement i.e. being overwritten). 

For claim 9, Shimizu et al. in US '323 teaches 
The method of claim 8, wherein said data identifying said base computing is a public 
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cryptographic key of said base computing system, and wherein said process of determining that 
said connection has been made between said portable computing system and said base 
computing system includes: 

generating and storing random number within said portable computing system; 

transmitting said random number from said portable computing system to said base 
computing system; 

encrypting said random number within said base computing system with a private 
cryptographic key of said base computing system to form an encrypted number; 

transmitting said encrypted number from said base computing system to said portable 
computing system; (US '323: see column 3, lines 6-12) 

decrypting said encrypted number within said portable computing system with said 
public cryptographic key of said base computing system to form a decrypted number; (see 
column 3 } lines 13 - 24) and 
but does not teach 

comparing said decrypted number with said random number stored within said portable 
computing system. 

Godoroja et al. in US '258 however does teach 

comparing said decrypted number with said random number stored within said portable 
computing system (US '258; column 4, line 61: as performed by the comparison step) as taught 
by Godoroja et al. in US '258. 

For claim 9, it would be obvious to . one of ordinary skill in the art at the time of the 
invention to modify the methods of Godoroja et al. and Shimizu et ai as they both use features 
of a portable and base computing systems and timer functionalities within the same field of. 
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endeavor (identifying and verifying public cryptographic key of computing systems) and with the 
same problem sought to be solved (secure connections between computer systems). 

For claim 10, Godoroja et al in US '258 teaches 

wherein 

said timer includes a timer register storing a number corresponding to a time remaining 
(US '258: see column 3, lines 5-6), 

. said number corresponding to a time remaining is decremented in response to a series 
of timing pulses generated within said portable computing system, and 

setting said timer includes storing a number corresponding to said specified time in said 
timer register (see column 4, lines 61 -65). 

For claim 1 1 , Godoroja et al. in US '258 teaches 

wherein 

said method additionally comprises receiving an input corresponding to a time, and 
setting said specified time according to said input (US '258: see column 3, lines 42 - 45) 
as taught by 

For claim 12, Shimizu et al. in US '323 teaches 

additionally comprising storing a cryptographic public cryptographic key of said portable 
computing system within said base computer system (US '323: column 3, line 36 - 40). 
For claim 13, Godoroja et al (US '258) teaches 

said initialization process additionally includes receiving a present password as an input, 
determining if a password has been previously stored, and storing said present password in 
response to a determination that said password has not been previously stored, 

said reset process additionally includes receiving a present password as an input and 
determining if said present password matches a stored password; and 
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said timer is set within said portable computing system only in response to a 
determination that said present password matches said stored password (US '258: column 3, 
lines 30 -41). 

For claim 14, Godoroja et ai. (US '258) teaches 

wherein 

said present password is received as an input within said portable computing system, 
said present password is transmitted from said portable computing system to said base 
computing system, 

said present password is stored within said base computing system following a 
determination that a password is not previously stored within said base computing system; 

a determination is made in said base computing system of whether said present 
password matches a stored password, (US '258: see column 3, lines 30 - 41) 

said reset process additionally includes transmitting an approval code from said base 
computing system to said portable computing system in response to a determination that said 
present password matches said stored password, and 

said timer is set within said portable computing system in response to receiving said 
approval code (US '258: see column 6, lines 59 - 60). 

For claim 15, Shimizu et ai in US '323 teaches 
The method of claim 14, wherein said data identifying said base computing is a public 
cryptographic key of said base computing system, and wherein said process of determining that 
said connection has been made between said portable computing system and said base 
computing system includes: 

generating and storing random number within said portable computing system; 
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concatenating said random number and said present password within said portable 
computing system to form a concatenated number; 

encrypting said concatenated number within said portable computing system with said 
public cryptographic key of said base computing system to form a first encrypted number; 

transmitting said first encrypted number from said portable computing system to said 
base computing system; (US '323: see column 3, lines 6- 12) 

decrypting said first encrypted number within said base computing system with a private 
cryptographic key of said base computing system to form a decrypted number; 

dividing said decrypted number to form a decrypted random number and said present 
password; 

encrypting said decrypted random number within said base computing system with a 
private cryptographic key of said base computing system to form a second encrypted number; 

transmitting said second encrypted number from said base computing system to said 
portable computing system; 

decrypting said second encrypted number within said portable computing system with 
said public cryptographic key of said base computing system to form a decrypted number; (see 
column 3, lines 13-24) and 
but does not teach 

comparing said decrypted number with said random number stored within said portable 
computing system. 

Godoroja et al. in US '258 however teaches 

comparing said decrypted number with said random number stored within said portable 
computing system (US '258: see column 4, line 61) as taught by Godoroja et al. 
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For claim 15, it would be obvious to one of ordinary skill in the art at the time of the 
invention to modify the methods of Shimizu et al. and Godoroja et al. as they both use features 
of a portable and base computing systems and timer functionalities within the same field of 
endeavor (identifying and verifying public cryptographic key of computing systems) and with the 
same problem sought to be solved (secure connections between computer systems). 

For claim 16, Shimizu et al in US '323 teaches 
A system for providing controlled access to secure data, wherein said system comprises: 

a portable computing system providing said controlled access to secure data during a 
specified time, wherein said portable computing system includes first processing means, first 
storage means, and a timer; {US '323: see column 2, line 44) 

a base computing system including second processing means and second storage 
means; (see column 2, line 45) 

a connection between said portable computing system and said base computing system 
for transmitting data between said portable computing system and said base computing system; 
(see column 2, line 47) and 

a first program, executing within said first processing means, causing said portable 
computing system to perform a process including: 

determining if a public cryptographic key is stored in a first location within said 

first storage means; 

in response to determining that a public cryptographic key is not stored in said 

first location, transmitting a request code, receiving said public cryptographic key, and 

storing said public cryptographic key in said first location; (see column 3, lines 42 - 51) 
transmitting a first code; 
receiving a response to said first code; 
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determining from said response to said first code if a connection has been made 
to said base computing system; and (see column 3, lines 23 - 24) 

and 

a second program, executing within said second processing means, causing said base 
computing system to perform a process including: 

receiving said request code; in response to receiving said request code, 
transmitting a public cryptographic key of said base computing system to said portable 
computing system; 

receiving said first code; and 

in response to receiving said first code, transmitting said response to said first 
code (US '323: see column 3, lines 52 - 58) 
but does not teach 

setting said timer to run until said specified time has expired; a subroutine 
executing within said first processing means, causing said portable computing system to 
perform a process including: 

determining if said timer is running; and 

providing access to said secure data only when said timer is running. 
Godoroja et a/, in US '258 however does teach 

setting said timer to run until said specified time has expired; a subroutine 
executing within said first processing means, causing said portable computing system to 
perform a process including: 

determining if said timer is running; and 

providing access to said secure data only when said timer is running; (US '258: 
see column 3. lines 23 - 24 and column 5, lines 58-65). 
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For claim 16, it would be obvious to one of ordinary skill in the art at the time of the 
invention to modify the methods of Godoroja et al. and Shimizu et ai as they both use features 
of a portable and base computing systems and timer functionalities within the same field of 
endeavor (connecting to and accessing secure data during specified time) and with the same 
problem sought to be solved (providing controlled access to secure data within specific time). 

For claim 17, Godoroja et al. shows wherein 

said first storage means includes a timer register storing a number corresponding to a 
time remaining, 

said number corresponding to a time remaining is decremented in response to a series 
of timing pulses generated within said portable computing system, and 

setting said timer includes storing a number corresponding to said specified time in said 
timer register (US '258: see column 4, lines 61 - 65). 

For claim 18, Shimizu et al. shows wherein 

said step of transmitting a first code includes generating a random number, storing said 
random number in a second location within said first storage, and transmitting said random 
number to said base computing system as said first code, (US '323: see column 4, lines 21 - 
23) 

said step of transmitting said response to said first code includes encrypting said random 
number with a private cryptographic key of said base computing system to form an encrypted 
random number, and transmitting said encrypted random number as said response to said 
portable computing system as said response to said first code, (US '323: see column 4, lines 24 
- 28) and 

said step of determining from said response to said first code if a connection has been 
made to said base computing system includes decrypting said encrypted number to form a 
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decrypted number and comparing said decrypted number with said random number stored in 
said second location within said first storage (US '323: see column 4, lines 29 - 33). 
For claim 19, Shimizu et al. shows wherein 

said first processing means includes a first microprocessor and a first cryptographic 
processor, 

said encrypted number is decrypted in said first cryptographic processor, 

said first storage means includes first secure storage accessed only through said first 
cryptographic processor, and 

said first location and said timer register within said first storage means are within said 
secure storage (US '323: see Figure 10-11 and column 12, lines 4 - 15: where it is inherent 
that there is a cryptographic processor within each information processing apparatus). 

For claim 20, Shimizu et al. shows wherein 

said second processing means includes a second microprocessor and a second 
cryptographic processor, 

said random number is encrypted to form said encrypted number within said second 
cryptographic processor, 

said second storage means includes second secure storage accessed only through said 
second cryptographic processor, and 

said private cryptographic key of said base computing system is stored within said 
second secure storage (US '323: see Figure 10-11 and column 12, lines 4 - 15). 

For claim 21 , Shimizu et al. in US '323 teaches 

said portable computing system additionally includes a display, 

said first program additionally causes a successful completion message to be displayed 
on said display in response to a determination from said response to said first code that a 
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connection has been made to said base computing system, and (US '323: see Figure 8 and 

Figure 12) 

but does not show 

said first program additionally causes an error message to be displayed on said display 
in response to a determination from said response to said first code that a connection has not 
been made to said base computing system. 

Godoroja et al. in US '258 howeverdoes teach 

said first program additionally causes an error message to be displayed on said display 
in response to a determination from said response to said first code that a connection has not 
been made to said base computing system (US '258: column 3, lines 2 - 3: where the header 
includes information about transmission). 

For claim 21 , if would be obvious to one of ordinary skill in the art at the time of the 
invention to combine the methods of Godoroja et al. and Shimizu et al. as they both use 
features of a portable and base computing systems and timer functionalities within the same 
field of endeavor (displaying message based on connection between computing systems) and 
with the same problem sought to be solved (providing controlled access to secure data within 
specific time). 

For claim 22, Shimizu et al. teaches 

said portable computing system additionally includes a display and a keyboard, and 
said first program causes said portable computing to perform a process additionally 
including displaying a menu, receiving a user input from said keyboard as said menu is 
displayed, and determining said specified time from said user input (US '323: see Figure 12). 
For claim 23, Shimizu et al. teaches 

said portable computing system additionally includes a display and a keyboard, 
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said first program causes said portable computing to perform a process additionally 
including displaying a menu and receiving a password from said keyboard as said menu is 
displayed, 

said step of transmitting a first code includes: 
generating a random number; 

storing said random number in a second location within said first storage; {US 
'323; see Figure 8: as performed by the temporary key generator) 

and 

encrypting said concatenated number with a private cryptographic key of said 
portable computer system stored in a third location within said first storage means to 
form said first code; and 

transmitting said random number to said base computing system as said first 

code, 

said step of transmitting said response to said first code includes: 

decrypting said first code with a private cryptographic key of said base computing 
stored in a fourth location within said second storage means; 

separating said password from said random number; 

determining whether said password separated from said random number 
matches a password stored; 

encrypting said random number with a private cryptographic key of said base 
computing system to form an encrypted random number, and 

in response to determining that said password separated from said random 
number matches said password stored, 
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transmitting said encrypted random number as said response to said portable computing 
system as said response to said first code, 

said second program causes said base computing system to perform a process 
additionally including: 

determining if a password is stored in a fifth location within said second storage 

means; 

in response to a determination that a password is not stored in said fifth location, 
storing said password separated from said random number in said fifth location; 

in response to a determination that a password is stored in said fifth location, 
comparing said password stored in said fifth location with said password separated from 
said random number; 

in response to determining that said password stored in said fifth location 
matches said password separated from said random number, encrypting said random 
number and to form a transmitting an approval code to said portable computing system 
as said response to said first code; and 

said step of determining from said response to said first code if a connection has 
been made to said base computing system includes determining that said approval code 
has been received 
but does not teach 

concatenating said random number with said password to form a concatenated number. 
Godoroja et al. in US '258 however does teach 

concatenating said random number with said password to form a concatenated number 
(US '258: column 3, lines 54 - 59: combining said characteristics) as taught by 
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For claim 23, it would be obvious to one of ordinary skill in the art at the time of the 
invention to combine the methods of Godoroja et al. and Shimizu et al. as they both use 
features of a portable and base computing systems and timer functionalities within the same 
field of endeavor (arranging values in such a way as to create a value to compare before data is 
exchanged) and with the same problem sought to be solved (providing controlled access to 
secure data within specific time). 

For claim 24, Godoroja et al. in US '258 shows wherein 

said second program causes said base computing system to perform a process 
additionally including, in response to determining that said password stored in said fifth location 
does not match said password separated from said random number, transmitting an error code 
to said portable computing system as said response to said first code 

said first program causes said portable computing to perform a process additionally 
including displaying a successful completion message on said display in response to receiving 
said approval code, and displaying an error message on said display in response to receiving 
said error code {US '258: see column 3, lines 2 - 3). 

For claim 25, Godoroja et al. in US '258 shows wherein 

said first storage means includes a timer register storing a number corresponding to a 
time remaining, 

said number corresponding to a time remaining is decremented in response to a series 
of timing pulses generated within said portable computing system, and 

setting said timer includes storing a number corresponding to said specified time in said 
timer register (US '258: see column 4, lines 61 - 65). 

For claim 26, Shimizu et al. shows wherein 
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said first processing means includes a first microprocessor and a first cryptographic 
processor, 

said concatenated number is encrypted in said first cryptographic processor, 

said first storage means includes first secure storage accessed only through said first 
cryptographic processor, and 

said secure storage includes said first location, said third location, and said timer register 
within said first storage means (US '323: see Figure 10-11 and column 12, lines 4 - 15). 

For claim 27, Shimizu et al. shows wherein 

said second processing means includes a second microprocessor and a second 
cryptographic processor, 

said random number is encrypted to form said encrypted number within said second 
cryptographic processor, 

said second storage means includes second secure storage accessed only through said 
second cryptographic processor, and 

said fourth and fifth locations within said second storage means are within said second 
secure storage (US '323: see Figure 10-11 and column 12, lines 4 - 15). 

For claim 28, Shimizu et al. shows 

said step of transmitting a request code includes transmitting a public cryptographic key 
of said portable computing system, and 

said step of receiving a request code includes storing said public cryptographic key of 
said portable computing system in a sixth location within said second storage means (US f 323: 
see Figure 10-11 and column 12, lines 4 - 15)1. 
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For claim 29, Shimizu et a/, in US '323 teaches 
A computer readable medium within a portable computing system, wherein said computer 
readable medium has computer readable instructions for performing a method comprising: 

determining if a public cryptographic key is stored in a first location within said first 
storage means; 

in response to determining that a public cryptographic key is not stored in said first 
location, transmitting a request code, receiving said public cryptographic key, and storing said 
public cryptographic key in said first location; 

transmitting a first code; 

receiving a response to said first code; 

determining from said response to said first code if a connection has been made to a 
base computing system; (US '323: see column 3, lines 42-51) and 
but does not teach 

setting a timer to run until a specified time has expired. 

Godoroja et al. in US '258 however does teach 

setting a timer to run until a specified time has expired (US '258:. see column 5, lines 58 
- 65) as taught by Godoroja. 

For claims 29, it would be obvious to one of ordinary skill in the art at the time of the 
invention to combine the methods of Godoroja et al. and Shimizu et al. as they both use ■ 
features of a portable and base computing systems and timer functionalities within the same 
field of endeavor (exchanging data with a specified time period) and with the same problem 
sought to be solved (confirming users and connections between systems). 

For claim 30, Godoroja et al. teaches 
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wherein said step of setting aid timer includes storing a number corresponding to said 
specified time in a timer register (US '258: see column 4, line 61 - 65). 
For claim 31 , Shimizu et al. teaches 

said step of transmitting a first code includes generating and storing a random number, 
and transmitting said random number to said base computing system as said first code, and 

said step of determining from said response to said first code if a connection has been 
made to a base computing system includes decrypting an encrypted number to form a 
decrypted number and comparing said decrypted number with said random number (US '323: 
see column 4, lines 21-28). 

For claim 32, Godoroja et al. teaches 

displaying a successful completion message in response to receiving an approval code; 

and 

displaying an error message in response to receiving an error code (US '258: see 
column 3, lines 2-3). 

For claim 33, Shimizu et al. teaches 
displaying a menu; 

receiving an input from a keyboard as said menu is displayed; and 

determining said specified time from said input (US '323: see Figure 12, item 22; and 
column 14, lines 15-26). 

For claim 34, Shimizu et al. in US '323 teaches 
The computer readable medium of claim 29, wherein said method additionally includes 
displaying a menu and receiving a password from a keyboard as said menu is displayed, said 
step of transmitting a first code includes: 

generating a random number; 
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storing said random number in a second location within said first storage; 

and 

encrypting said concatenated number with a private cryptographic key of said portable 
computer system stored in a third location within said first storage means to form said first code; 
and 

transmitting said random number to said base computing system as said first code {US 
'323: see Figure 8: temporary key generator; and column 10, lines 58 - column 1 1, lines 1-10) 
but does not teach 

concatenating said random number with said password to form a concatenated number. 
Godoroja et a/, in US '258 however does teach 

concatenating said random number with said password to form a concatenated number, 
(US '258: column 3, lines 54 - 59). 

For claims 34, it would be obvious to one of ordinary skill in the art at the time of the 
invention to combine the methods of Godoroja et ai and Shimizu et a/., as they both use 
features of a portable and base computing systems and timer functionalities within the same 
field of endeavor (arranging values in such a way as to create a value to compare before data is 
exchanged) and with the same problem sought to be solved (providing controlled access to 
secure data within specific time). 

For claim 35, Shimizu et al. in US '323 teaches 
In a portable computing system having a user interface including a display and a keyboard, a 
method for limiting access to secure data to a specified time, wherein said method comprises: 

displaying a screen location for entering a number; 

accepting an input from said keyboard; 

displaying said input from said keyboard in said screen location; 
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calculating a number determining said specified time as a function of said input from said 
keyboard; (US '323: see Figure 12 and column 14, lines 15 -26) 
generating a random number; 

transmitting said random number to a base computing system; 

receiving an encrypted number from said base computing system, 

decrypting said encrypted number with a public cryptographic key stored within said 

portable computing system to form a decrypted number; 

determining if said random number matches said decrypted number; and 

in response to determining that said random number matches said decrypted number, 

(US '323: see Figure 8 and column 13, lines 38 - 40) 

but does not teach 

setting a timer within said portable computing system to run for said specified time, 
wherein said access to secure data is provided only when said time is running (US '258 column 
3, lines 23 - 24 and column 5 lines 58 - 65). 

For claim 36, Godoroja et al. teaches 

displaying a successful completion message in response to determining that said 
random number matches said decrypted number; and 

displaying an error message in response to determining that said random number does 
not match said decrypted number (US '258: see column 3, lines 2 - 3). 

For claim 35, it would be obvious to one of ordinary skill in the art at the time of the 
invention to combine the methods of Godoroja et al. and Shimizu et al. as they both use 
features of a portable and base computing, systems and timer functionalities within the same 
field of endeavor (displaying message based on connection between computing systems) and 
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with the same problem sought to be solved (limiting access to secure data within a specified 
time). 

For claim 37, Shimizu et a/, in US '323 teaches 
In a portable computing system having a user interface including a display and a keyboard, a 
method for limiting access to secure data to a specified time, wherein said method comprises: 

displaying a first screen location for entering a password and a second screen location 
for entering a number; 

accepting a first input from said keyboard; 

generating a password from said first input; 

accepting a second input from said keyboard; 

displaying said input from said keyboard in said second screen location; 
calculating a number determining said specified time as a function of said second input 
from said keyboard; {US '323: see Figure 12 and column 14, lines 15 - 26) 
generating a random number; 

encrypting said password with a public cryptographic key stored in said portable 
computing system; 

transmitting said random number to a base computing system; 

receiving an encrypted number from said base computing system, 

decrypting said encrypted number with said public cryptographic key stored within said 
portable computing system to form a decrypted number; 

determining if said random number matches said decrypted number; and in response to 
determining that said random number matches said decrypted number, {US '323: see Figure 8 
and column 13, lines 38 - 40) 
but does not teach 
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setting a timer within said portable computing system to run for said specified time, 
wherein said access to secure data is provided only when said time is running: 
Godoroja et a/, in US '258 however does teach 

setting a timer within said portable computing system to run for said specified time, 
wherein said access to secure data is provided only when said timer is running (US '258 column 
3 } lines 23 - 24 and column 5 lines 58 - 65). 

For claim 37, it would be obvious to one of ordinary skill in the art at the time of the 
invention to combine the methods of Godoroja et al. and Shimizu et al. as they both use 
features of a portable and base computing systems and timer functionalities within the same 
field of endeavor (displaying message based on connection between computing systems) and 
with the same problem sought to be solved (limiting access to secure data within a specified 
time). 

For claim 38, Godoroja et al. teaches 

displaying a successful completion message in response to determining that said 
random number matches said decrypted number; and v 

displaying an error message in response to determining that said random number does 
not match said decrypted number and in response to receiving an error code from said base 
system (US '258: see column 3, lines 2 - 3). 

For claims 39 - 42, which are similar in scope and recite 

said access to secure data is provided to said secure data with said portable computing 
system being connected to transmit and receive data from said base computing system on a 
periodic basis. Shimitzu et al. teaches restricting access to data through cryptographic means 
therefore it would be inherent that secure data is being transmitted and received on a periodic 
basis (see Abstract). 
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Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

5. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Laurel Lashley whose telephone number is 571-272-0693. The examiner 
can normally be reached on Monday - Thursday, alt Fridays btw 7:30 am & 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 

PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Laurel Lashley 
Examiner 



Application/Control Number: 09/993, 1 35 Page 
Art Unit: 2132 



Art Unit 2132 
0 March 2006 




GILBERTO BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




